In its latest IT Threat Evolution report, Kaspersky Lab said the third quarter was "undoubtedly the quarter of mobile botnets," as cybercriminals tried to improve the ways they manage their networks of infected Android devices.

The latest weapon in criminals' arsenal is GCM, which enables them to send short messages in the JSON format to instruct malware on Android devices. JSON, or JavaScript Object Notation, is an open standard format that uses human-readable text to transmit data from a server to Web applications.

GCM is being used to communicate with the most widespread SMS Trojans, Kaspersky said in the report released Friday. SMS Trojans are a common form of mobile malware that sends text messages to premium-rate phone services. The charges, which are not easily recovered, show up later on the victim's wireless phone bill.

"The only way of preventing this channel from being used by malware writers to communicate to their malware is to block the GCM accounts of developers who use them to spread malware," Kaspersky said.

Very few malicious programs use GCM, but those that can are growing in popularity, the security vendor said.

SMS Trojans, the most common type of mobile malware, are mostly found in Russia and other regions where Android users regularly download software from third-party app stores. Malware is much less likely to hide in Google Play, the official Android store.

Infection hurdles include bypassing defenses Google builds into the operating system and the lack of effective mechanisms for mass distribution. Criminals are turning to botnets to clear the latter, and Kaspersky in mid-July recorded what the vendor said were the first third-party botnets.

Criminals rent such networks to others for malware distribution. Among the malware distributed is the most sophisticated Android Trojan, known as Obad, Kaspersky said.

The malware opens a backdoor in an infected device in order to download additional malicious code for stealing money from victims' bank accounts. While not common in the U.S., people in other countries often use their smartphone for money transfers.

Kaspersky found Obad being distributed through mobile devices infected with malware called Trojan-SMS.AndroidOS.Opfake.a. Upon receiving instructions from a command-and-control server, Opfake would send text messages to everyone on a victim's contact list, inviting them to download multimedia content.